rgw: ARN generation based on uid for Roles.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 3b31fea8f420b919e31ebea90102443c96ff25fd..1dfbcbef7e41ea4678170c84d7a03a7ce91e6598 100644 (file)
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -4592,8 +4592,10 @@ int main(int argc, const char **argv)
     return 0;
   case OPT_ROLE_CREATE:
     {
-      if (role_name.empty() || assume_role_doc.empty()) {
-        cerr << "ERROR: one of role name or assume role policy document is empty" << std::endl;
+      string uid;
+      user_id.to_str(uid);
+      if (role_name.empty() || assume_role_doc.empty() || uid.empty()) {
+        cerr << "ERROR: one of role name or assume role policy document or uid is empty" << std::endl;
         return -EINVAL;
       }
       /* The following two calls will be replaced by read_decode_json or something
@@ -4610,7 +4612,7 @@ int main(int argc, const char **argv)
         return -EINVAL;
       }
       string trust_policy = bl.to_str();
-      RGWRole role(g_ceph_context, store, role_name, path, trust_policy);
+      RGWRole role(g_ceph_context, store, role_name, path, trust_policy, uid);
       ret = role.create(true);
       if (ret < 0) {
         return -ret;

diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc
index cef274494a28d5f2284b5ffb9cfa586c15e59d81..31d8e996c667b09ee021ded9c70c523f2b709d1c 100644 (file)
--- a/src/rgw/rgw_rest_role.cc
+++ b/src/rgw/rgw_rest_role.cc
@@ -77,7 +77,9 @@ void RGWCreateRole::execute()
   if (op_ret < 0) {
     return;
   }
-  RGWRole role(s->cct, store, role_name, role_path, trust_policy);
+  string uid;
+  s->user->user_id.to_str(uid);
+  RGWRole role(s->cct, store, role_name, role_path, trust_policy, uid);
   op_ret = role.create(true);
 
   if (op_ret == -EEXIST) {

diff --git a/src/rgw/rgw_role.cc b/src/rgw/rgw_role.cc
index aff9c9b2b72569bb8a8a197980594dd22453d135..9ccc20e70e3a22730005199dd6a8283940e817ec 100644 (file)
--- a/src/rgw/rgw_role.cc
+++ b/src/rgw/rgw_role.cc
@@ -21,6 +21,7 @@ using namespace std;
 const string RGWRole::role_name_oid_prefix = "role_names.";
 const string RGWRole::role_oid_prefix = "roles.";
 const string RGWRole::role_path_oid_prefix = "role_paths.";
+const string RGWRole::role_arn_prefix = "arn:aws:iam::";
 
 int RGWRole::store_info(bool exclusive)
 {
@@ -77,7 +78,7 @@ int RGWRole::create(bool exclusive)
   id = uuid_str;
 
   //arn
-  arn = "arn:aws:iam::role" + path + name;
+  arn = role_arn_prefix + uid + ":role" + path + name;
 
   // Creation time
   real_clock::time_point t = real_clock::now();

diff --git a/src/rgw/rgw_role.h b/src/rgw/rgw_role.h
index d6b955ddcd8548612e2658aff1168b3d8f9e685f..f8a60a4c5680d50195bcfb6f3dd421235241f1c4 100644 (file)
--- a/src/rgw/rgw_role.h
+++ b/src/rgw/rgw_role.h
@@ -6,6 +6,7 @@ class RGWRole
   static const string role_name_oid_prefix;
   static const string role_oid_prefix;
   static const string role_path_oid_prefix;
+  static const string role_arn_prefix;
 
   CephContext *cct;
   RGWRados *store;
@@ -16,6 +17,7 @@ class RGWRole
   string creation_date;
   string trust_policy;
   map<string, string> perm_policy_map;
+  string uid;
 
   int store_info(bool exclusive);
   int store_name(bool exclusive);
@@ -30,12 +32,14 @@ public:
           RGWRados *store,
           string name,
           string path,
-          string trust_policy)
+          string trust_policy,
+          string uid)
   : cct(cct),
     store(store),
     name(std::move(name)),
     path(std::move(path)),
-    trust_policy(std::move(trust_policy)) {
+    trust_policy(std::move(trust_policy)),
+    uid(std::move(uid)) {
     if (this->path.empty())
       this->path = "/";
   }